Medtronic Diabetes Suite of Mobile Applications Privacy Notice
For Medtronic Diabetes Suite of Applications based in the United States
This privacy notice applies to how the Medtronic Diabetes Suite of Mobile Applications (collectively, the “Mobile App”), which is provided by Medtronic Diabetes (together “Medtronic Diabetes”, “we” or “us”), uses information about you (“personal data”) in connection with the activities described below, including when you install or download the Mobile App to your electronic device, data you share with us through the Mobile App, data shared by your electronic device with us, or when you contact Medtronic Diabetes customer service or support in the United States.
In this privacy notice, we’ll tell you what personal data we obtain about you when you use our Mobile App, how we use that information, with whom we share it, what rights you have regarding your information, and how to contact us to exercise these rights.
This privacy notice does not apply when you have been notified that an alternative notice applies (for example on other Medtronic websites) or where Medtronic processes your personal data on behalf of your medical institution or healthcare professional in connection with your medical treatment. Your medical institution and/or healthcare professional is solely responsible for the processing of your personal data for the provision of your medical treatment and care.
The Mobile App may contain links to other apps or websites. Some of those websites or apps may be operated by Medtronic Diabetes, and some may be operated by third parties. Medtronic Diabetes and its affiliates, including our international affiliates, also operate other websites. This privacy notice does not apply to any other application or website, even if operated by Medtronic Diabetes. When you leave the Mobile App, please read the notice at each place you visit to see how that location processes your data. In addition, some sections of this notice only apply to certain geographies, as described further below.
Unless set out otherwise below, the Medtronic company responsible for processing your personal data is MiniMed Distribution Corp., a wholly owned subsidiary of Medtronic MiniMed, Inc. (collectively, “Medtronic Diabetes”).
Personal data at Medtronic Diabetes
This section describes how Medtronic Diabetes uses your personal data collected via the Mobile App. The information we collect depends on how you use the app, as detailed below. Unless we need your personal data to comply with laws and regulations, you are not required to provide information to us but, if you choose not to do so, we may not be able to offer you certain services and related features, or to respond to requests that you may have.
Mobile App Set-Up, Registration and Account Creation
- What personal data we obtain
- Identification information, such as your name, user ID number, date of birth or age, profile picture (optional), authentication/verification codes, and account verification questions/answers.
- Location data, such as your country/region and language preference.
- Login credentials, such as your username/email address and password.
- How we use your data
- Registering your device.
- Create and manage your account, including to authenticate you and ensure account security.
- Multi-factor authentication and authorization to provide additional security for your accounts.
- Personalize your profile based on your preferences or selections you made.
When you download the Mobile App from Google Play™ store or Apple® to your Android device or iPhone, you will be prompted to log into your CareLink™ Personal Account and connect to the CareLink™ Connect App. Upon login to your CareLink™ Personal Account you will be presented with a series of consent choices. You may choose not to provide certain information but then you might not be able to take advantage of the services offered by the Mobile App.
Mobile Device Data and Access
- What personal data we obtain
- Identification information, such as your name, user ID number, date of birth or age, profile picture.
- Location data, such as your country/region and language preference.
- Device information including device description, device model and manufacturer, version of your operating system, unique device ID, platform, date of registration, device location, third-party data, and any other data you choose to provide.
- Geolocation data of your mobile device.
- Biometric data such as fingerprint or facial recognition technology that you use to access your mobile device.
- Login credentials, such as your username/email address and password.
- How we use your data
- Request permission or access to certain features from your mobile device, including your mobile device microphone, mobile device camera, storage, and other related features.
- Request permission to track location-based information from your device to offer or provide location-based services.
- To detect and authenticate the identity of the user trying to access the Mobile App.
- To send push notifications regarding your account or the Mobile App.
- If you connect to a third-party application and grant permission to share your data, with your consent.
You can opt-out or control and manage your preferences by using your mobile device’s settings at any time.
Communicating with You
We may collect and process your personal data to communicate with you about your treatment, therapies, or services, including at your request.
- What personal data we obtain
- Your contact information, such as name, email address, postal address, telephone number, geographic location, language, date of birth, communication preferences, and optional profile pictures and third-party login information.
- Dates of birth and death, legal guardianship, emergency contact status and information, and names and contact information of authorized persons named by you.
- Information about your medical device or treatment, including medical device name, device identifiers (such as model number, manufacturer, medical device serial number, IMEI/MEID, Unique device ID), implant date (if applicable), and your health data related to treatment.
- Information about your care team, health-care professional, hospital/facility name, address, and phone number.
- How we use your data
- Recording your preferences, including for communications from us.
- If you are a Patient, to transmit data to your health care provider.
- Communicating with you about your condition or treatment, including information about your condition, treatment, or device pre- and post-trial and permanent implant.
- Communicating with you about your device, including notifications about device configuration and status, as well as safety or quality issues if they arise.
- To provide services to you through the App, including services to manage your health condition, responding to your questions, concerns, requests, complaints, or comments.
- Provide you with information on products, services, therapies, or suggestions you requested via the Mobile App.
- Customize or improve the content, recommendations and offers that we display to you on the services.
- Email you regarding your account, any updates, newsletters, or promotions.
- To develop records including records of your personal health information.
- Fulfilling your requests for information from us.
We may collect aggregated information through our chat services using cookies and through other means as described in this privacy notice.
Sensitive data use
Some of the data we collect and use is considered sensitive under applicable laws, which may include, for example, health- and financial-related data and genetic/biometric data. Our collection and use of sensitive personal data is limited to that which is necessary to provide you with your requested services, including treating your condition. You can choose to withdraw or withhold your consent, but you may not be able to use certain services or mobile app functionality where sensitive data is necessary.
Data you provide to us
We may ask that you, your account administration, or any individual authorized by you not send or disclose any personal data other than the data that we ask you for.
Analysis, Research, and Development
We may collect and process your personal data for research and development purposes, such as improving the quality, safety, and efficacy of devices, services, interfaces, and treatments.
- What personal data we obtain
- Your medical device, including device ID, telemetry, and model/serial number, device usage data, user-generated content, and product usage data.
- Your medical device treatment history, including implantation details.
- Your device/networking information, including system generated user ID, system log including system events and error logs, machine data, system configuration, system generated procedure ID, device ID, other data collected during your interaction with our therapies or related services, and date and time stamps.
- How we use your data
- Analysis, including event and crash detection, repair, and improvement, and utilization and efficacy reviews.
- Research, including activities resulting from that research such as developing and improving programs, therapies, related services, and content.
Cookies and similar technologies
When you visit our websites or apps, we may collect certain information by standard practices, including cookies and similar technologies, such as Flash cookies, local storage, web beacons and pixels, JavaScript, software development kits (SDKs) and device identifiers. While personal data collected through these technologies is not shared for money or other similar compensation, the use of these technologies may be considered personal data sharing under applicable law. The types of technologies, purposes of use, parties involved, and controls available to you, which may vary across Medtronic Diabetes digital offerings, are detailed in our Cookie Policy.
- What personal data we obtain
Your device information including the IP address, identifiers associated with your devices, device and operating system type and characteristics, language preferences, your interactions with the Mobile App (such as the pages you visit, links you click and features you use, dates and times of access to the Mobile App, the website or source that linked or referred you to our services), and other information about your use of the Mobile App.
- How we use your data
Cookies and similar technologies (“Cookies”) are used by Medtronic Diabetes for several reasons. Cookies are sometimes necessary for our sites or apps to operate correctly. For example, secure logins may use cookies to work properly, and cookies may also be used to identify any suspicious activities so we can try to protect users from payment fraud and other inappropriate activities. Cookies allow us to collect information about how you use our Services (e.g. how you downloaded our app or where you downloaded it from) and how the app is used on your mobile device (e.g. what features you use and how well our services work). We may use cookies to collect demographic information (e.g. age, location, etc.) and count the visitors to the Mobile App and learn how they use the Mobile App and its features, enabling us to continually improve the visitor’s experience. Cookies may also allow us to provide you with enhanced functionality such as video content and show you targeted ads on other sites or social media channels. Depending on your location, some Cookies may require your consent. Click here to know more about our use of Cookies and how to manage your Cookie settings and preferences.
Telephonic Contact
Medtronic Diabetes may contact you after obtaining your consent by text messages or phone calls at the phone number(s) provided using automated technology from or on behalf of Medtronic Diabetes concerning the marketing, advertising, or offers of sale of Medtronic Diabetes therapies or related services, and exceptions being any information requested by you. By providing your consent, you certify that (a) you are age 18 and older, (b) the contact information you provide is yours, and (c) you authorize and consent to use of the information provided for Medtronic Diabetes to contact you. Your consent is not a condition for purchase. Airtime, message, and data rates may apply. You may opt out at any time by (i) texting "STOP" in return to a text or (ii) signing into your Medtronic Diabetes profile and updating your communication preferences.
Secondary Use of Data
With the authorization of your Medical Institution, the data obtained as part of the services provided to your Medical Institution may be further used for Medtronic Diabetes legitimate business purposes, including to improve and develop Medtronic Diabetes products and services, to conduct benchmarking, business analytics or market research, to train and educate Medtronic Diabetes personnel or healthcare professionals, or to support regulatory filings and the reimbursement of Medtronic Diabetes products and services, based on Medtronic Diabetes legitimate interests to do so.
For such purposes, your data will be used in a de-identified, aggregated, or otherwise anonymized manner.
Compliance with Law and Medtronic Diabetes Policies / Legal rights
In some circumstances, we are obliged to process personal data to comply with applicable legal requirements and our policies, to perform auditing and other internal functions, or for litigation and dispute resolution purposes.
- What personal data we obtain
- Your identification and contact information, and any other information as is necessary and relevant to the particular case, e.g., in the event of an (internal) audit, information contained in documents and materials audited, or in the event of litigation, information gathered in the evidence necessary for the litigation.
- How we use your data
We will use your information - in an anonymized, de-identified or redacted form, where appropriate - in order to:
- Comply with applicable legal requirements, regulations, court orders or other legal processes.
- Comply with our policies.
- Establish, exercise, or defend our legal rights.
- Conduct (internal) audits, investigations, or due diligence checks for the above reasons.
We will do so as necessary to comply with legal obligations to which we are subject in your country or region, or as needed to fulfil our legitimate interests, in particular in conducting business in compliance with all applicable laws and the highest ethical standards; protecting our rights or property; protecting someone's health, safety or welfare; and asserting or defending legal claims, or with your consent where required by law.
Data Sharing
In the ordinary course of business in carrying out the purposes described in this notice, we may share your personal data with certain categories of third parties, including:
Medtronic Diabetes affiliated companies:
Given the corporate structure of Medtronic Diabetes, your personal data may be shared with other affiliates within the Medtronic Diabetes group.
Service Providers:
Medtronic Diabetes may share personal data with relevant third-party service providers, who act on our behalf to fulfill the activities noted in this privacy notice, including IT providers, providers of communication tools and customer relationship management systems, survey tool providers or platforms, event organization management tool providers, outsourced operations such as email automation tool providers, cloud hosting service providers, and contract management platform providers.
To Business and Other Specialists:
Medtronic Diabetes may share personal data with external organizations with which it has partnered (such as research partners and partners in co-branded initiatives), and with external specialists or professional advisors within a particular field (such as lawyers, consultants, tax advisors, auditors, specialist delivery providers, banks, payment service providers and benchmarking agencies). In cases where those third parties are independently responsible for the processing of your personal data, their privacy notice will apply to their processing of your data.
To Others for Legal and Related Interests:
Medtronic Diabetes may share personal data where it is:
- Required by law.
- Required to disclose and/or share your personal data with regulatory, public, or governmental authorities to comply with any law, regulation, court order, legal or government request.
- Allowed or required by law for public health purposes, including reporting complaints and quality issues to medical device regulators.
- Needed to protect its own or others' vital interests, including the safety of life and property, or for investigating illegal or malicious activities, where allowed by law.
- Needed to exercise or defend legal claims.
- Needed with its corporate affiliates, who have the same privacy requirements; and
- Needed to fulfill corporate transactions (such as mergers, acquisitions, dissolutions, or divestitures), as well as to companies with whom Medtronic Diabetes is working on a potential or pending corporate transaction.
Others, per your request: With your consent, we will share your personal data with any other parties you choose, such as your caregivers.
International Transfers
In some cases, Medtronic Diabetes may transmit or store personal data collected with affiliates, vendors, or sites in other countries. We will only transfer personal data as allowed by applicable law to further the purposes set out in this document. Where personal data is transferred to another country, we take administrative and technical measures to ensure adequate safeguards and protections are applied as provided for by applicable law. In cases where personal data is transmitted to other countries, we will ensure that safeguards equivalent to those required by applicable data protection laws are in place. For more information on the safeguards implemented by Medtronic Diabetes, please contact us via email at rs.globaldataprivacyoffice@medtronic.com.
For more information on Medtronic Diabetes affiliates (including those affiliates to whom personal data may be transferred) please consult Exhibit 21 of the most recent annual 10-K filing, available at https://investorrelations.medtronic.com/sec-filings.
Data Retention
We will only keep your personal data for so long as necessary to fulfill the purposes for which we are allowed to use them, as set out in this privacy notice or as required by law.
Your Privacy Rights
You may have some of the rights below relating to your personal data, depending on applicable laws. Additional information may be found in the Specific Jurisdictions section.
- Access your personal data and confirm how your personal data is being processed.
- Transfer or obtain a copy in a structured, machine-readable, or portable format.
- Correct or amend if it is incomplete, inaccurate, or outdated.
- Request deletion. Subject to applicable law, we may sometimes deidentify this data.
- Restrict or limit excessive or unlawful processing, where the accuracy of the data is contested.
- Object to or opt-out of processing in circumstances where Medtronic Diabetes claims a legitimate interest in its processing and where your rights outweigh those of Medtronic Diabetes, such as where that data is used for direct marketing (including email or telephonic marketing).
- Withdraw (or manage) consent where it is the basis for processing, which may include cases where the data is sensitive or on children. Where consent is revoked, we will not further process that data unless required or otherwise permitted by applicable law.
Exercising Your Rights
How to exercise your rights. You or your authorized agent may exercise these rights at any time or contact us with any inquiries through the methods provided in the “How to Contact Us” section below.
Process. We will first confirm that we have received your request. For rights requests, we are required to verify your identity, your right to access the information requested, and, as applicable, your authorized agent’s authority to act on your behalf. We may need to ask you for additional information that will help us do so, including government-issued IDs containing your name and address, utility bills containing that same information, and/or unique identifiers like usernames. We will only use that additional information in the verification process, and not for any other purpose.
After the validation of identity and authority (including if we do not receive that information), we will process your request and then contact you with our response to your request, including any data and reasons for rejection as applicable, within the time required by applicable law. If we need more time, we will notify you in accordance with applicable law.
Fees. We may charge a reasonable fee in some geographies to process or respond to your request only if allowed by applicable law, for instance if it is excessive, repetitive, or manifestly unfounded. If a fee is warranted, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Additional Options. Depending on your jurisdiction, you may have additional options if you are dissatisfied with our response:
- You may internally appeal or contact our Data Protection Officer if you disagree with a decision we made about your rights. Please include a copy of or reference to the decision.
- You may also complain to a data protection or regulatory authority if you have further concerns about our data practices or our response to a request. If you need information about which authority may apply to you depending on your location and circumstances, please contact us.
- You will not be discriminated against for your exercise of your rights. This does not necessarily include, depending on applicable law in your jurisdiction, cases where a difference in price or services offered is reasonably related to the value provided by your data, or where you consent to participate in a voluntary loyalty or similar incentive program.
Children and Personal Data Online
We do not intentionally collect personal data from children (as defined by applicable law) unless we have received verifiable consent (from the parent or the child, depending on the requirements of applicable law) or unless a legal requirement or vital interest applies. If you believe we have collected personal data from a child, please contact us using the information found in the “How to Contact Us” section.
Special Provision for Specific Jurisdictions
United States of America
- Past practices. The statements in this notice describe Medtronic Diabetes data processing activities for the described scope of the notice, both as current and within the past twelve months.
- Protected Health Information under HIPAA. In cases where the Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the use of your data, our Notice of Privacy Practices will apply. Data governed under HIPAA may be deidentified through either or both the Safe Harbor and Expert Determination methods. While that data is then deidentified, Medtronic does not, and will not permit others to, reidentify deidentified PHI except as required by applicable law or as directly consented to by the subject of that PHI.
- Sales/Sharing of personal data: Medtronic Diabetes does not sell your personal data for money or other consideration, nor share it for direct or behavioral marketing purposes, with unrelated third parties, except as described in the Cookies and similar technologies section.
- Right to opt-out or object. As noted above, you may have the right to opt-out of some processing, such as sharing data with third parties for their own or for cross-contextual marketing, sales of personal data, making certain decisions or profiles about you by automated or artificial means, or certain kinds of automated/prerecorded telephonic messages.
- Right to restrict or limit. In some jurisdictions you may have the right to restrict some processing if the data is sensitive and used for purposes additional to delivering requested goods/services.
- Exercising your privacy rights. United States residents can file a privacy rights request here as well. You do not have to create an account with us to submit a request.
Updates to this Privacy Notice
This privacy notice may be updated periodically to reflect changes in our personal data practices. We will indicate at the top of the privacy notice when it was most recently updated.
How to Contact Us
If you would like to exercise your privacy rights or if you have any questions about this privacy notice you may contact us as follows:
General inquiries (all geographies): By email: rs.globaldataprivacyoffice@medtronic.com
US inquiries: By email via the general inquiries email address or phone: +1 (866) 639-6907. You may also mail us at our general-purpose corporate mailing address: Medtronic, Inc., 710 Medtronic Parkway Northeast, Fridley, Minnesota 55432-5603, United States.